Unauthenticated Information Disclosure in TheHive by Cortex
CVE-2026-63098
Key Information:
- Vendor
Thehive-project
- Status
- Vendor
- CVE Published:
- 17 July 2026
Badges
What is CVE-2026-63098?
TheHive version 4.1.24 is vulnerable to an unauthenticated information disclosure that permits attackers to access sensitive configuration details simply by sending a GET request to the /api/status endpoint. This endpoint inadequately enforces authentication checks, enabling potential attackers to extract critical information, including the datastore attachment protection password, configured authentication providers, Single Sign-On (SSO) configurations, Multi-Factor Authentication (MFA) capabilities, and details of clustered node addresses and roles, all without requiring any credentials.
Affected Version(s)
TheHive 0 <= 4.1.24
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
